Skip to main content
SpringerLink
Log in

Detecting the Lateral Movement in Cyberattack at the Early Stage Using Machine Learning Techniques

  • Conference paper
  • First Online:
Disruptive Technologies for Big Data and Cloud Applications

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 905))

  • 463 Accesses

Abstract

Cyberattacks are always a big threat for companies and organizations worldwide. The impact of the security breach affects the financial, reputational, and legal areas of the companies and organizations. So, the demand is high for a rapid solution to detect cyberattacks as early as possible. Advanced persistent threats (APTs) are sophisticated and targeted cyberattacks which have long persistence inside the network. During an APT, the attacker will expand its reach over the network. This stage is called lateral movement, which is the very important stage in APT. In this paper, the importance of identifying the APT in the early stage and how it can be detected using the machine learning approach is discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Pone Mon Institute LLC, Cost of a data breach study: global overview. Technical report (2018)

    Google Scholar 

  2. P. Chen, L. Desmet, C. Huygens, A study on advanced persistent threats. 8735 (2014)

    Google Scholar 

  3. R. Bace, Intrusion detection. Macmillan Technical Publishing, 201 West 103rd Street, Indianapolis, IN 46290, 2000

    Google Scholar 

  4. K. Scarfone, P. Mell, Guide to intrusion detection and prevention systems (IDPS). Technical report 800–94, National Institute of Standards and Technology, Gaithersburg, MD 20899–8930, Feb 2007

    Google Scholar 

  5. S. Wagh, V. Pachghare, S. Kolhe, Survey on intrusion detection system using machine learning techniques. Int. J. Comput. Appl. 78(16) (2013)

    Google Scholar 

  6. L. haripriya, M.A. Jabbar, A novel intrusion detection system using ANN and feature subset selection. Int. J. Eng. Technol. (2018)

    Google Scholar 

  7. N. Farnaaz, M.A. Jabbar, in Random Forest Modeling for Network Intrusion Detection System (Elsevier, Science Direct, 2016)

    Google Scholar 

  8. A. Sultana, M.A. Jabbar, Intelligent network intrusion detection system using data mining techniques, in IEEE Explore 2017

    Google Scholar 

  9. M.A. Jabbar, R. Aluvalu, S. Sai Satyanarayana Reddy, in RFAODE: A Novel Ensemble Intrusion Detection System (Elsevier, ICACC-2017)

    Google Scholar 

  10. M. Nikhitha, M.A. Jabbar, K nearest neighbor based model for intrusion detection system. Int. J. Recent Technol. Eng. (IJRTE) 8(2) (2019). ISSN: 2277-3878

    Google Scholar 

  11. M. Ranzato, Y.L. Boureau, Y. LeCun, Sparse feature learning for deep belief networks, in Advances in Neural Information Processing Systems (MIT Press, Cambridge, MA, USA, 2008), pp. 1185–1192

    Google Scholar 

  12. F. Lv, M. Han, T. Qiu, Remote sensing image classification based on ensemble extreme learning machine with stacked autoencoder. IEEE Access 5, 9021–9031 (2017)

    Article  Google Scholar 

  13. H. Karimipour, V. Dinavahi, On false data injection attack against dynamic state estimation on smart power grids, in 2017 5th IEEE International Conference on Smart Energy Grid Engineering (SEGE, 2017)

    Google Scholar 

  14. https://en.wikipedia.org/wiki/Active_Directory

  15. I. Ullah, Detecting lateral movement attacks through SMB using bro. Master’s thesis, University of Twente, November 2016

    Google Scholar 

  16. Extending BloodHound, Red team Adventures, 6 February 2020. Available: https://riccardoancarani.github.io/2020-02-06-extending-bloodhound-pt1/

  17. https://github.com/gentilkiwi/mimikatz/wiki

  18. G.K. Befekadu, V. Gupta, P.J. Antsaklis, Risk-sensitive control under markov modulated denial-of-service (DoS) attack strategies. IEEE Trans. Autom. Control 60(12), 3299–3304 (2015)

    Article  MathSciNet  Google Scholar 

  19. H. Bourlard, Y. Kamp, Auto-association by multilayer perceptrons and singular value decomposition. Biol. Cybern. 59(4–5), 291–294 (1988)

    Google Scholar 

  20. G.E. Hinton, G.E. Hinton, R.S. Zemel, in Autoencoders, Minimum Description Length and Helmholtz Free Energy (1994)

    Google Scholar 

  21. C.S. Wickramasinghe, D.L. Marino, K. Amarasinghe, M. Manic, Generalization of deep learning for cyber-physical system security: a survey, in Proceedings of the IECON 2018–44th Annual Conference of the IEEE Industrial Electronics Society (Washington, DC, USA, 2018), pp. 745–751

    Google Scholar 

  22. K. Fukushima, Cognitron: a self-organizing multilayered neural network. Biol. Cybern. 20, 121–136 (1975)

    Google Scholar 

  23. A.N. Jahromi, J. Sakhnini, A. Dehghantanha, A deep unsupervised representation learning approach for effective cyber-physical attack detection and identification on highly imbalanced data, pp. 2–11

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Karunya Institute of Technology and Science, Coimbatore, Tamil Nadu, India

    Ashwathy Anda Chacko, Bijolin Edwin & M. Roshni Thanka

Authors
  1. Ashwathy Anda Chacko
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bijolin Edwin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. M. Roshni Thanka
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bijolin Edwin .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Karunya Institute of Technology and Sciences, Coimbatore, Tamil Nadu, India

    J. Dinesh Peter

  2. Department of Computer Science, Creighton University, Omaha, NE, USA

    Steven Lawrence Fernandes

  3. Civil and Environmental Engineering, University of Pittsburgh, Pittsburgh, PA, USA

    Amir H. Alavi

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chacko, A.A., Edwin, B., Thanka, M.R. (2022). Detecting the Lateral Movement in Cyberattack at the Early Stage Using Machine Learning Techniques. In: Peter, J.D., Fernandes, S.L., Alavi, A.H. (eds) Disruptive Technologies for Big Data and Cloud Applications. Lecture Notes in Electrical Engineering, vol 905. Springer, Singapore. https://doi.org/10.1007/978-981-19-2177-3_54

Download citation

Publish with us

Policies and ethics

Search

Navigation